AutoIndex module provides the directory listing capability for Apache. If it's installed and enabled, Apache will show the index of a path or URL if no DirectoryIndex files are present.

Example of common DirectoryIndex files are index.html, index.htm, index.php and welcome.html, configurable in Apache configuration file.

Directory listing is a helpful feature though some might want to disable it for security or any other reason.

You can prevent directory listing for Apache by disabling mod_autoindex, setting appropriate options in the Apache configuration file, or by using .htaccess file.

If you're hosting on platforms such as cPanel, you can use platform-specific methods to disable Apache's directory listing.

Disable Apache directory listing by disabling autoindex module

The easiest way is to disable the autoindex module entirely, and disabling the module would affect all the sites hosted on the server.

  1. Launch your preferred terminal application
  2. Disable autoindex module for Apache.
    $ sudo a2dismod --force autoindex #Ubuntu, Debian and SUSE
    Module autoindex disabled.
    To activate the new configuration, you need to run:
      systemctl restart apache2
    • Distributions with a2dismod support can simply run the command above without having to manually disable the required modules.
    • LoadModule directive for the corresponding autoindex module need to be manually disabled by removing or commenting (by adding # at the beginning) the line in the configuration file.
    Options Debian, Ubuntu openSUSE and SLES Fedora Core, CentOS, RHEL macOS homebrew xampp
    a2dismod support yes yes no no no no
    Modules to uninstall none
    Module name n/a autoindex
    Loadmodule directive n/a #LoadModule autoindex_module <module_locations>/mod_autoindex.so
  3. Restart Apache for the changes to take effect.

Disable Apache directory listing via Directory's Options directive

You can add -Indexes to Options directive in Apache's configuration file to fully disable directory listing, or add the same -Indexes option into Directory configuration to disable the feature per-directory.

  1. Open Apache's configuration file using your preferred text editor.
    $ sudo vi /etc/apache2/other/mysite.conf

    The configuration could be set globally or from within VirtualHost configuration.

  2. Add -Indexes to Options directive for required directory.
    <Directory /var/www/mysite>
        Options -Indexes
    </Directory>

    Notice that it's -Indexes and not +Indexes

  3. Restart Apache for the changes to take effect.

Disable Apache directory listing using .htaccess

If you don't have administrator access to the system or want to manage directory listing on a per-directory basis easily, you can use the above Options -Indexes directive in .htaccess files.

  1. Open or create .htaccess file on the directory that you want to disable listing using your preferred text editor.
    $ sudo vi /var/www/mysite/.htaccess
  2. Add -Indexes to Options directive in the .htaccess file.
    Options -Indexes
Discuss the article:

Comment anonymously. Login not required.